[debian-mysql] Bug#914172: Bug#914172: Bug#914172: mariadb-server-10.1: mariadb-server sec-update (10.1.37-0+deb9u1) uninstalls default-mysql-server, mysql-server, mariadb-server-10.1 & mariadb-client-10.1

David Escala descala at ingent.net
Thu Nov 22 09:44:42 GMT 2018

Our servers where also affected by this issue in Debian Stretch 9.5.

The apt command we are running in /etc/cron-apt/action.d/5-install is 
the same used by the OP:

dist-upgrade -y -o APT::Get::Show-Upgraded=true -o 
Dir::Etc::sourcelist=/etc/apt/sources.list.d/security.sources.list \
  -o Dir::Etc::sourceparts=nonexistent -o 
DPkg::Options::=--force-confdef -o DPkg::Options::=--force-confold

If I downgrade mariadb to the state prior to the security update with:

[root at db ~]# apt-get install mariadb-server-10.1=10.1.26-0+deb9u1 
mariadb-server-core-10.1=10.1.26-0+deb9u1 \
   mariadb-server-10.1=10.1.26-0+deb9u1 mariadb-client-10.1=10.1.26-0+deb9u
[root at db ~]# apt purge libconfig-inifiles-perl

Then the dist-upgrade above removes mariadb-client-10.1 mariadb-server-10.1

But if I first manually install libconfig-inifiles-perl, then the 
dist-upgrade works as expected without package removals.

As Olaf said the issue is adding a dependency of mariadb-client-10.1 in 
a security update.
This, plus the restriction in the apt command to only use security 
sources, makes dist-upgrade
remove any package with a failed dependency.

Perhaps we should change the apt dist-upgrade command for security 
updates (suggestions?), but
not adding new dependencies in a security update may also be a good policy.

David Escala

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3992 bytes
Desc: Signatura criptogràfica S/MIME
URL: <http://alioth-lists.debian.net/pipermail/pkg-mysql-maint/attachments/20181122/d858a77c/attachment.bin>

More information about the pkg-mysql-maint mailing list